Posts Tagged build

OpenSSL-1.0.0a on AIX v5.3


Well once again I find myself scrambling to get something done that was known but not well communicated during the project life-cycle.  So I need to update all managed AIX machines running v5.3 to include OpenSSL (openssl-1.0.0a to be exact) and once again my disdain for AIX rears it ugly head, which is represented by the Zombie to the left 🙂  Aside from my personal dislike of the Korn shell… Maybe I am not being fair to AIX as I don’t really work in an AIX optimal environment, taking full advantage of all of the great tools they do have (NIM, clustering, SAN, etc…).  But managing them as 1-off’s just plain stinks.  Suffice it to say that I would NOT recommend deploying a stand-alone AIX server in any circumstance as you cannot realize anything near it’s full potential.  Anyway, here is what I did to rectify the issue at hand.

# Install SSL on AIX 5.3.0.0
# get the rpm.rte package on the system
mkdir /opt/ssl4AIX
cd /opt/ssl4AIX
installp -qacXgd rpm.rte rpm.rte
# Grab the other packages and put them on the AIX system
# http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html
rpm -ivh gcc-4.2.0-3.aix5.3.ppc.rpm
rpm -ivh libgcc-4.2.0-3.aix5.3.ppc.rpm
# Create a sym link – Check this first following RPM installs for correct PATHS
# find / -name libgcc_s.a
# /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/ppc64/libgcc_s.a
# /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/pthread/ppc64/libgcc_s.a
# /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/pthread/libgcc_s.a
# /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/libgcc_s.a
# Now make the link
ln -s /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/libgcc_s.a /usr/lib/libgcc_s.a
#
gunzip openssl-1.0.0a.tar.gz
tar -xf openssl-1.0.0a.tar
cd openssl-1.0.0a
./Configure shared –prefix=/usr aix-gcc
make
make test
# If all goes well !!!
make install

Incidentally, you need an IBM account if you want to download these packages from http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html… LOL

That stinks as well 😦

Advertisements

, , , , , , , , ,

1 Comment

iSCSI SAN for CentOS 5.4


Well I guess I could have used OpenFiler for this… BUT here are a few steps to creating your own SAN-type-thing on CentOS 5.4…

#!/bin/bash
# iSCSI SAN for CentOS5.4
cd /usr/src
# Get the iscsi package
wget http://sourceforge.net/projects/iscsitarget/files/iscsitarget/1.4.20/iscsitarget-1.4.20.tar.gz/download
yum -y install kernel-devel openssl-devel gcc rpm-build make automake autoconf # you may already have these, this was a newer build for me so I didn’t…
tar -xzvf iscsitarget-1.4.20.tar.gz
cd iscsitarget-1.4.20
make
make install

# Name the disk
echo “Ok, I am going to name the disk for you”
echo “iqn.`date -I`.`hostname |awk -F “.” ‘{print $1’}`-sanhead” # awk only needed if u use FQDN’s
echo “BUT… you need to tell me what disk to use…”
df -h
echo “Type in the full path to your disk, i.e.(/dev/<md3>)”
read dname
touch /etc/initiators.allow
idname=”`echo iqn.`date -I`.`hostname |awk -F “.” ‘{print $1’}`-sanhead:$dname`”
echo “$idname 192.168.11.0/24” >> /etc/initiators.allow
touch /etc/initiators.deny
echo “ALL:ALL” >> /etc/initiators.deny
touch /etc/ietd.conf
echo “Target iqn.`date -I`.`hostname |awk -F “.” ‘{print $1’}`-sanhead:$dname” >> /etc/ietd.conf
echo ”        IncomingUser <uname>    <passwd>” >> /etc/ietd.conf
echo ”        OutgoingUser <uname>    <passwd>” >> /etc/ietd.conf
echo ”        Lun 0 Path=/dev/SAN/diskname,Type=fileio,IOMode=wb” >> /etc/ietd.conf
echo ”        Alias iSCSI for diskname” >> /etc/ietd.conf
echo ”        ImmediateData Yes” >> /etc/ietd.conf
echo ”        MaxConnections 1″ >> /etc/ietd.conf
echo ”        InitialR2T Yes” >> /etc/ietd.conf
yum -y install iscsi-initiator-utils open-iscsi
echo “InitiatorName=iqn.2010-04.factslx01-sanhead:factslx01” >> /etc/iscsi/initiatorname.iscsi
# /etc/iscsi/iscsid.conf
mv /etc/iscsi/iscsid.conf /etc/iscsi/iscsid.conf.bak
touch /etc/iscsi/iscsid.conf
chmod 600 /etc/iscsi/iscsid.conf
echo “# Default Settings” /etc/iscsi/iscsid.conf
echo “# Default Settings” /etc/iscsi/iscsid.conf
echo “#node.startup = automatic” /etc/iscsi/iscsid.conf
echo “#node.session.timeo.replacement_timeout = 120” /etc/iscsi/iscsid.conf
echo “#node.conn[0].timeo.login_timeout = 15” /etc/iscsi/iscsid.conf
echo “#node.conn[0].timeo.logout_timeout = 15” /etc/iscsi/iscsid.conf
echo “#node.conn[0].timeo.noop_out_interval = 5” /etc/iscsi/iscsid.conf
echo “#node.conn[0].timeo.noop_out_timeout = 5” /etc/iscsi/iscsid.conf
echo “#node.session.err_timeo.abort_timeout = 15” /etc/iscsi/iscsid.conf
echo “#node.session.err_timeo.lu_reset_timeout = 20” /etc/iscsi/iscsid.conf
echo “#node.session.initial_login_retry_max = 8” /etc/iscsi/iscsid.conf
echo “#node.session.cmds_max = 128” /etc/iscsi/iscsid.conf
echo “#node.session.queue_depth = 32” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.InitialR2T = No” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.ImmediateData = Yes” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.FirstBurstLength = 262144” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.MaxBurstLength = 16776192” /etc/iscsi/iscsid.conf
echo “#node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144” /etc/iscsi/iscsid.conf
echo “#discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768” /etc/iscsi/iscsid.conf
echo “#node.conn[0].iscsi.HeaderDigest = None” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.FastAbort = Yes” /etc/iscsi/iscsid.conf
echo “#” /etc/iscsi/iscsid.conf
echo “# Custom Settings” /etc/iscsi/iscsid.conf
echo “node.startup = automatic” /etc/iscsi/iscsid.conf
echo “node.session.auth.authmethod = CHAP” /etc/iscsi/iscsid.conf
echo “node.session.auth.username = <uname>” /etc/iscsi/iscsid.conf
echo “node.session.auth.password = <passwd>” /etc/iscsi/iscsid.conf
echo “node.session.auth.username_in = <uname>” /etc/iscsi/iscsid.conf
echo “node.session.auth.password_in = <passwd>” /etc/iscsi/iscsid.conf
echo “node.session.timeo.replacement_timeout = 120” /etc/iscsi/iscsid.conf
echo “node.conn[0].timeo.login_timeout = 15” /etc/iscsi/iscsid.conf
echo “node.conn[0].timeo.logout_timeout = 15” /etc/iscsi/iscsid.conf
echo “node.conn[0].timeo.noop_out_interval = 10” /etc/iscsi/iscsid.conf
echo “node.conn[0].timeo.noop_out_timeout = 15” /etc/iscsi/iscsid.conf
echo “node.session.initial_login_retry_max = 10” /etc/iscsi/iscsid.conf
echo “node.session.cmds_max = 128” /etc/iscsi/iscsid.conf
echo “node.session.queue_depth = 32” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.InitialR2T = No” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.ImmediateData = Yes” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.FirstBurstLength = 262144” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.MaxBurstLength = 16776192” /etc/iscsi/iscsid.conf
echo “node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072” /etc/iscsi/iscsid.conf
echo “discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.FastAbort = No” /etc/iscsi/iscsid.conf
echo “# EOF” /etc/iscsi/iscsid.conf
service iscsi start
i=”`ifconfig |grep -v 127.0.0.1|grep “inet addr:” |awk -F “:” ‘{print $2}’|cut -c 1-14`”
iscsiadm -m discovery -t st -p $i # IP for iSCSI host
iscsiadm -m node -p $i -T iqn.`date -I`.`hostname |awk -F “.” ‘{print $1’}`-sanhead:$dname –login

So there it is !!! Now go use OpenFiler… LOL -> http://www.openfiler.com/

, , , , , , , , , ,

2 Comments

Teaser


Ya this is exactly that, a teaser. I am going, well have already started to work on a custom linux distro guide based on CentOS 5.4 with a focus on gateway/web settings.  I will not waste your time with non-working attempts on this one so it may be a bit before I actually have something that will install and do exactly what I am stating here without issues.  I will post items of interest throughout the process however as they present themselves.  Stay tuned.

, , , , , , ,

Leave a comment

CUPS… Ain’t no cup -o- Joe…


Ok… So I work in an environment that requires printing from the UNIX/Linux hosts I manage… Printing sucks… plain and simple.  Anyway… We are moving a customer from a SCO box to a new RHEL 5 platform so off I go into the testing phase for printing.  CUPS being my obvious choice, I will just give you the quick-n-dirty version here as I spent WAY too much time looking @ this, but too late now.

So lets say you are starting from the very beginning, like I was with a raw build.  First things first… get CUPS (LOL):

yum -y install cups cups-devel (I grabbed the devel just for the heck-of-it, you may not need it)

This will give you (As of 4-8-2010):

cups-1.3.7-11.el5_4.6
cups-libs-1.3.7-11.el5_4.6
cups-devel-1.3.7-11.el5_4.6

Make sure it is “ON”:

chkconfig –list cups
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off

Now for the actual setup…  This got a bit out of whack for me but I only say that to embarrass myself ?

We will be working from the /etc/cups directory here so navigate over there if you will please… 🙂  Not too much in here but a few files to config, the main file being cupsd.conf so lets open that one up and make something work shall we?

-rw——- 1 root lp      0 Mar  6 18:19 classes.conf
-rw-r–r– 1 root lp      0 Mar  6 18:19 client.conf
-rw-r–r– 1 root lp    141 Mar 10 13:00 client.conf.rpmsave
-rw-r—– 1 root lp   2704 Apr  8 11:28 cupsd.conf
-rw-r—– 1 root lp   2578 Mar  6 18:19 cupsd.conf.default
drwxr-xr-x 2 root root 4096 Mar  6 18:19 interfaces
-rw-r–r– 1 root root 4533 Mar  6 18:19 mime.convs
-rw-r–r– 1 root root 6298 Mar  6 18:19 mime.types
-rw-r–r– 1 root lp    215 Mar  6 18:19 pdftops.conf
drwxr-xr-x 2 root lp   4096 Apr  8 11:38 ppd
-rw——- 1 root lp    351 Apr  8 11:38 printers.conf
-rw——- 1 root lp      0 Mar  6 18:19 printers.conf.O
-rw-r–r– 1 root root  947 Mar  6 18:19 pstoraster.convs
-rw-r–r– 1 root lp    186 Mar  6 18:19 snmp.conf
drwx—— 2 root lp   4096 Apr  8 11:35 ssl

So there is the expected amount of jargon in here but we need to get the web interface working… Oh I should say that in fact some of what I am going to outline here is not necessary if you have an X Window running on the localhost (with a browser obviously).  I don’t have that in these installations so I need remote access to the CUPS web interface… I guess you could setup a VNC server as well and use that to the localhost, but that seems a bit to effort-full as I don’t need the VNC for anything else.  Anyway, open the file with your editor of choice and lets tweak a few things.  Most of this is @ the very top of the file so that is pretty reasonable.  For some reason this interface is REALLY finicky… so put this in correctly or you will be banging your head on the desk for a while…

# Only listen for connections from the local machine.
Listen localhost:631  <– This is the default, comes already written
Listen 192.168.11.25:631 <– I added this one…
Listen 192.168.11.25:80 <– and this one for remote access as I stated above. This is the server IP… That may not be as obvious as you think…
#Port 631 <– These can work also, but allow anything from anywhere, never a good idea
#Port 80
Listen /var/run/cups/cups.sock <– This is also a default, leave it alone

Go a few lines down…

# Default authentication type, when authentication is required…
DefaultAuthType Basic

# Restrict access to the server…
<Location />
Order allow,deny
Allow localhost <– Added
Allow @LOCAL <– Added
</Location>

# Restrict access to the admin pages…
<Location /admin>
#  Encryption Required <– this will force you to use HTTPS… not a bad idea, it is enabled by default
Order allow,deny
Allow localhost <– Added
Allow @LOCAL <– Added
</Location>

# Restrict access to configuration files…
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow localhost <– Added
Allow @LOCAL <– Added
</Location>

Basically, that’s it.  How the hell that took me more than 5 minutes to do is beyond me, but now it is guaranteed to take you only 5 minutes :).  I will also mention that I added a line in my firewall to allow port 631; I already allowed 80.

At this point you can browse to the CUPS web interface and start adding/managing your printers 🙂

https://<your-server-IP&gt;:631

The rest really is pretty self explanatory.  Happy printing 🙂

, , , , , , , , , , ,

Leave a comment